Cloud computing has certainly been a key factor in the development of the next generation of the internet. This technology has facilitated both online cloud storage and, more recently, online services that have made Software as a Service (SaaS) applications available by subscription.
While the cloud has been an enabler for these services, as well as presenting solutions for remote working and work-from-home setups during the COVID-19 lockdown, it has also presented new challenges, especially as workers slowly return to the workplace.
The days when an IT department could control the setup of computers and the entire flow of traffic are long gone. Now, with cloud computing, there are virtual resources all over the internet, including data, applications, and infrastructure. Unfortunately, this creates the potential for sensitive data to be exposed during transmission from the client to the cloud server and back again.
Modern network vulnerabilities
One type of common attack on cloud computing is known as session hijacking. The hacker can exploit a valid computer session, granting them access to the resources of the cloud service provider.
The cookies that are used for authentication by the cloud are stolen by the hacker, allowing them to hijack the session. This can be done by the hacker using a ‘sniffing program’ that searches the traffic between the client and the cloud for cookies and other data, grabbing the data, and exploiting it.
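One defensive check for the cookie theft described above, as an added example that is not part of the original article: it audits Set-Cookie response headers for the Secure and HttpOnly attributes and for an overly long Max-Age. The sample headers are constructed, and the function names, finding codes and one-day lifetime limit are assumptions chosen for illustration.

```python
# Added example: flag Set-Cookie headers that leave session cookies easy to steal.
# SAMPLE_HEADERS is constructed test data; MAX_LIFETIME_SECONDS is an assumed policy value.

MAX_LIFETIME_SECONDS = 24 * 60 * 60  # assumption: sessions should not outlive one day

SAMPLE_HEADERS = [
    "session_id=abc123; Path=/; HttpOnly",
    "auth=xyz789; Path=/; Secure; HttpOnly; Max-Age=3600",
    "remember=tok456; Secure; Max-Age=31536000",
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, attrs) with lower-cased attribute names."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].partition("=")[0].strip() if parts else ""
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_cookie(header):
    """Return (cookie name, list of finding codes) for one Set-Cookie value."""
    name, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        # Without Secure the browser also sends the cookie over plain HTTP,
        # where a sniffer on the path can read it.
        findings.append("no-secure")
    if "httponly" not in attrs:
        # Without HttpOnly, script running in the page can read the cookie.
        findings.append("no-httponly")
    try:
        if int(attrs.get("max-age", "0")) > MAX_LIFETIME_SECONDS:
            # A long-lived cookie stays usable long after it is stolen.
            findings.append("long-lived")
    except ValueError:
        findings.append("bad-max-age")
    return name, findings


def audit_headers(headers):
    """Map each cookie name to its findings, omitting cookies with none."""
    results = dict(audit_cookie(h) for h in headers)
    return {name: f for name, f in results.items() if f}
```

Calling `audit_headers(SAMPLE_HEADERS)` reports only the cookies that need attention, so it can be run over the Set-Cookie values collected from a login response.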
Security strategies and solutions
There are several strategies that have been developed to increase security between client and cloud, but they need to be tailored to the specifics of the situation and the cloud platform.
The base on which the cloud is built is known as Infrastructure as a Service (IaaS), and to protect this there needs to be network segmentation, and monitoring of the network needs to include Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS).
There also should be virtual web application firewalls attached to the cloud website to protect against malware, while virtual routers and virtual network-based firewalls along the edge of the cloud provide perimeter protection.
Another solution is the Platform as a Service (PaaS). With this, the cloud service provider provides the platform to the client, from which they can build applications, while the cloud provider builds and services the infrastructure.
Security for this type of cloud service can be provided via IP restrictions and logging. Also, there should be API Gateways deployed, and a Cloud Access Security Broker (CASB) which controls the policies.
When using SaaS, both the software and the data are hosted in the cloud, providing a service to each user via an internet browser. The security for this configuration is usually provided by the cloud service provider, and is typically part of the service contract.
One last security measure is to integrate a Virtual Private Network (VPN) into the cloud, known as a cloudVPN or VPN as a Service (VPNaaS). This cloudVPN is designed to let users securely access the cloud server’s applications through a browser by encrypting the communications.